diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index 6ae112c27d..f557eb7782 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -125,8 +125,10 @@ SEVFIRMWAREPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
 AGENTCONFIGFILEPATH := /etc/agent-config.toml
 AGENTCONFIGFILEKERNELPARAM := agent.config_file=$(AGENTCONFIGFILEPATH)
-TDXKERNELPARAMS := tdx_disable_filter
-SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM)
+ROOTMEASURECONFIG ?= ""
+TDXKERNELPARAMS := tdx_disable_filter $(ROOTMEASURECONFIG)
+SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) $(ROOTMEASURECONFIG)
+KERNELPARAMS += $(ROOTMEASURECONFIG)
 # Name of default configuration file the runtime will use.
 CONFIG_FILE = configuration.toml
diff --git a/tools/packaging/guest-image/build_image.sh b/tools/packaging/guest-image/build_image.sh
index 05d783de87..d32a0130a6 100755
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
@@ -68,6 +68,9 @@ build_image() {
 IMG_OS_VERSION="${img_os_version}" \
 ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
 mv -f "kata-containers.img" "${install_dir}/${image_name}"
+ if [ -e "root_hash.txt" ]; then
+ cp root_hash.txt "${install_dir}/"
+ fi
 (
 cd "${install_dir}"
 ln -sf "${image_name}" kata-containers.img
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 9a06698823..e7687d390b 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
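Review bot: In src/runtime/Makefile, `ROOTMEASURECONFIG ?= ""` does not give an empty default, because make keeps the quote characters as part of the value; when the variable is not passed in, `TDXKERNELPARAMS`, `SEVKERNELPARAMS` and `KERNELPARAMS` each gain a literal `""` token. Use `ROOTMEASURECONFIG ?=` instead. The added `KERNELPARAMS += $(ROOTMEASURECONFIG)` presumably also applies the dm-verity parameters to configurations outside TDX and SEV; if that is intended, say so in a comment above the block, e.g. `# dm-verity root hash of the measured guest rootfs; empty when the image was built without one`.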
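Review bot: In build_image.sh, the `[ -e "root_hash.txt" ]` test cannot tell a hash written by this build from one left in the working directory by an earlier run, so a stale hash can be installed beside an image it does not describe. Running `rm -f root_hash.txt` before the image build command (its arguments open this hunk; the command itself is outside it) makes the file's presence mean that this build produced it. The copy also lands under a fixed name in `${install_dir}`, so the hash and the image are tied together only by sharing a directory; a name derived from `${image_name}` would keep the pair unambiguous. build_image() starts and ends outside the hunk.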
@@ -149,7 +149,15 @@ install_cc_shimv2() {
 GO_VERSION="$(yq r ${versions_yaml} languages.golang.meta.newest-version)"
 export GO_VERSION
 export REMOVE_VMM_CONFIGS="acrn fc"
- DESTDIR="${destdir}" PREFIX="${cc_prefix}" EXTRA_OPTS="DEFSERVICEOFFLOAD=true" "${shimv2_builder}"
+
+ extra_opts="DEFSERVICEOFFLOAD=true"
+ if [ -f "${repo_root_dir}/tools/osbuilder/root_hash.txt" ]; then
+ root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${repo_root_dir}/tools/osbuilder//root_hash.txt")
+ root_measure_config="cc_rootfs_verity.scheme=dm-verity cc_rootfs_verity.hash=${root_hash}"
+ extra_opts+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
+ fi
+
+ DESTDIR="${destdir}" PREFIX="${cc_prefix}" EXTRA_OPTS="${extra_opts}" "${shimv2_builder}"
 }
 # Install static CC virtiofsd asset
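Review bot: `root_hash` is interpolated into `ROOTMEASURECONFIG` with no check, so a root_hash.txt without a `Root hash:` line yields `cc_rootfs_verity.hash=` with an empty value, and any unexpected content in that file flows into the make command line and from there into the guest kernel parameters. Validate it before use, e.g. `[[ "${root_hash}" =~ ^[0-9a-fA-F]+$ ]] || { echo "invalid dm-verity root hash" >&2; exit 1; }` (the `+=` on `extra_opts` already assumes bash). When the file is absent the shim is built with no verity parameters and no message, so a confidential-containers build can silently ship without rootfs verification; that branch should at least log, or fail when a measured rootfs is expected. The `sudo` on a read-only `sed` and the doubled slash in the path look unnecessary unless the file is root-owned.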